E-health gets last-minute access change

The Australian Government has finalised its plans for its personally-controlled electronic health record (PCEHR) system with the release of a final Concept of Operations report, which contains significant alterations to how the proposed system will work, including a change in how health providers will be able to access medical information.

The Australian Government has finalised its plans for its personally-controlled electronic health record (PCEHR) system with the release of a final Concept of Operations report, which contains significant alterations to how the proposed system will work, including a change in how health providers will be able to access medical information.

The final plans (PDF) for the health record system, which is expected to be made available to the general public in July next year, were released by the Minister for Health and Ageing, Nicola Roxon, today.

One of the largest changes from the draft blueprint is how users will allow healthcare providers to access their records.

Previously, access to users' health records were dictated by two user-definable lists — an include list and an exclude list. In the final plans for the PCEHR system, a single access list replaces the two, to show which organisations are permitted to access a user's PCEHR.

In turn, the ability for an organisation to add itself to the list is governed by two types of access controls — basic and advanced.

By default, users maintain basic access controls. However, they will also be given the option to create a series of advanced access control settings.

Under the basic access controls (set as default), any healthcare providers that are providing care to a user can automatically add themselves to the user's access list. The user is notified when this occurs.

Under advanced access controls, users can choose to set up a Provider Access Consent Code, or PACC. Healthcare organisations will need to have the correct PACC in order to add themselves to a user's access list.

Users that have set up a PACC will also be given the option of controlling access to clinical documents on a document-by-document basis. Access to documents can be classified as general or limited access, with limited access documents being limited to organisations of the user's choosing.

Regardless of the access control used, organisations will be removed from the access list if they do not access a user's PCEHR for more than three years.

Users can also revoke access to their PCEHR by marking organisations on their access list as "revoked".

Emergency access continues to operate in the same fashion as it did in the draft, with healthcare organisations able to add themselves to a user's access list when needed; however, the final plan clarifies that after five days, the organisation's access will revert to its previous access level. All emergency access will continue to be logged for auditing purposes.

Audit trails themselves have also had some changes. Users that are viewing audit trails will not be able to see the names of the medical professionals that accessed or made changes to their records. Instead, only the role of the person will be available. Users that wish to know these details would have to formally request the information.

Sign-up options for PCEHR have also been expanded and made slightly easier.

The final plan has removed the requirement for users to provide their address during registration and users will be able to register via mail if they are able to provide 100 points of identification.

The scope of the system has also been reduced slightly. Clinical documents included in the system no longer include diagnostic imaging reports, although it is expected that this will be included in a future release after further consultation with the industry.

The respective web portals that consumers and providers use to administer PCEHR are another two features that have had a slight reduction in scope.

Although Roxon previously hinted at the possibility of accessing records through these portals on iPhones and BlackBerry devices, with tablet support included in the draft blueprint, support for mobile devices appears to have been dropped in the final report.

The next stage of the PCEHR system will include the development for legislation around its implementation. A Legislative Issues Paper has been developed to establish the arrangements of operating the PCEHR system and the processes for participating in it and conducting enquiries or lodging complaints. It considered the risks that a PCEHR system will present, and any other applicable legislation such as privacy laws.

Consultation on the Issues Paper closed early last month and is now being used to draft legislation. In a recent timeline, the government said it hoped to have the legislation passed by March or April 2012.